Overview
Apple Mac OS X fails to properly handle corrupted UDTO HFS+ image structures. This vulnerability may allow an attacker to cause a denial-of-service condition.
Description
Hierarchical File System (HFS+) is a file system that supports files that use 32-bit block addresses and Unicode file and folder naming conventions. UDTO is a format specification used to create DVD/CD-R master disk images. A vulnerability exists in the way Mac OS X handles corrupted UDTO HFS+ image structures. This vulnerability could lead to memory corruption. We are aware of publicly available proof-of-concept code that demonstrates this vulnerability. |
Impact
A remote, unauthenticated attacker may be able to cause a denial-of-service condition. |
Solution
Apply an upgrade |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
- http://projects.info-pull.com/mokb/MOKB-21-11-2006.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6062
- http://secunia.com/advisories/23062/
- http://docs.info.apple.com/article.html?artnum=305214
- http://en.wikipedia.org/wiki/HFS_Plus
- http://secunia.com/advisories/24479/
- http://securitytracker.com/alerts/2007/Mar/1017751.html
- http://www.securityfocus.com/bid/21236
- http://www.securityfocus.com/bid/21201
Acknowledgements
This issue was reported in Month of Kernal Bugs MOKB-21-11-2006 by LMH.
This document was written by Chris Taschner.
Other Information
CVE IDs: | CVE-2006-6062 |
Severity Metric: | 5.57 |
Date Public: | 2006-11-21 |
Date First Published: | 2007-03-13 |
Date Last Updated: | 2007-03-22 19:28 UTC |
Document Revision: | 26 |